The invention relates to a method for the machine enciphering and the authorized deciphering of multidigit data as well as to a system for implementing the method.
Electronic data processing systems are used to a considerable extent as central data service systems accessible to a plurality of users via remote input/output terminals. It is important for such systems to provide data privary and protection against unauthorized use. For the purpose of data security, it is known to provide enciphering systems at those points of the system which are particularly liable to unauthorized access. This applies, for example, to transmitters of remote data processing lines or to data base storages shared by several users.
Basically, the sequential enciphering method and the block cipher method are distinguished between. With the sequential method, a key sequence is generated from an initial key, and the sequence thus obtained is used to encopher by substitution, i.e., replacing one data element by another of the sequence of data elements to be enciphered. This method is described by H. Feistel in an article "Cryptography and Computer Privacy," Scientific American, May 1973, Vol. 228, No. 5, pp. 15 to 23. In accordance with this method, the n-th data element is combined with the n-th key element in a suitable manner, for example, by modulo-2-addition. In the sequential method, the number of data elements is insignificant, as enciphering is effected in a continuous pass. For deciphering, the same method and the same key sequence are used. However, this method is secure only when a particular key sequence is used for one or a few enciphering steps, as it is possible to decode the key sequence from an enciphered information, so that any further information processed with that key sequence is no longer protected.
According to the block cipher method a data block of a predetermined length is enciphered by repeated and alternate permutation and substitution. Permutation is effected by mutually exchanging the elements of the data block in accordance with a predetermined pattern, while substitution is performed in parallel in the manner described above under control of an enciphering key for the elements of the data block. This method is also described in the above-noted article by H. Feistel.
In systems employing the block cipher method, it is also known for enciphering or deciphering to be carried out in successive iterations and to change the enciphering key after each iteration in accordance with a predetermined pattern. For this purpose, the bits of a data block to be enciphered are initially fed to a substitution stage whose result is permuted. The result thus obtained and the key word are subjected to a modulo-2-addition, the result of which is subsequently used for a further modulo-2-addition with the original data block. After the enciphering key has been changed by means of a predetermined positional shift, these operation steps are repeated with the result available at that stage. This process is continued until a full shift cycle of the enciphering key has been completed. The result available at that stage is the enciphered version of the original data block.
Also known are enciphering/deciphering arrangements wherein a data block to be enciphered is subdivided into segments which are sequentially processed. There are two series-connected sets of shift registers which are provided with an input/output coupling and the first one of which serves as an input register set for the data block to be enciphered, while the second one serves as a merge register set. The number of shift registers in each set corresponds to the bit number of a segment. The segments of the data block stored in the input register set together with selected segments of the enciphering key are successively subjected to one or several substitution operations. In the merge registers, the result bits of these operations are logically combined with the original data bits of the segment being processed or they are subjected to a repeated substitution operation. Although with arrangements of this kind enciphering or deciphering are to some extent serially effected, they nevertheless require extensive circuitry.
The methods described above are used mainly for the protection of data transmissions. However, it may be desirable to encipher stored data, in order to protect, for example, personnel data stored in a central data base against unauthorized access. The sequential methods described are inadequate here, since such applications do not permit a frequent change of key. The block enciphering methods, on the other hand, have the disadvantage that they are only suitable for fixed length data fields, whereby the block length has to be chosen fairly great for safety reasons. However, enciphered, different length data fields to be stored having a length that is increased to a block length or to a multiple of a block length by the addition of fill data elements require more storage space and longer transmission times. In the case of a data field to be protected by enciphering, an adaptation of the length to the block length necessitates a reorganization of the data base.